You seem to be interpreting the question differently to everyone else.if this changes they will obviously carry out a review
Thank you all for your replies and I will follow up the advice given. The Occupational Health Company that carried out my assessment clearly states that they will send the report to 'my employer' and that I should request a copy of the report from them or in writing from the Occupational Health Company. I did sign a form to agree to the examination but I was assured that it was confidential and I am writing to them today for clarification. It will take me some time to get working on it but again thanks you for your help.
The employer has the right to know what measures they should take to ensure the health and safety of their other employees and customers but they do not have the right to know the details of an illness. For example if the employee has a contagious illness they the employer has the right to know that it is contagious but they have no right to know what the specific illness is.An employer does have a right to know the nature of an employees illness in certain circumstances and this has been confirmed by the Data Protection Commissioner. This is restricted to grounds of Health and Safety (so for example, if an employee was diganosed with Coroanvirus an employer may have the right to know) or if the nature of the employees job meant the illness would put them or others at risk of injury.
The employer has the right to know what measures they should take to ensure the health and safety of their other employees and customers but they do not have the right to know the details of an illness. For example if the employee has a contagious illness they the employer has the right to know that it is contagious but they have no right to know what the specific illness is.
Sure, if they have smallpox or something like that but other than "certain very specific circumstances" where they "may be legally obliged" they just give a sick note stating that the person cannot attend work due to a contagious illness. They inform the employer in cases where there is a risk that other employees may be carrying a virus so that they can be tested. In practical terms, and in the context of this thread, that doesn't apply.That's not correct.
The exact quote from the 2013 DPC annual report states
in certain very specific circumstances a doctor may be legally obliged to report certain illnesses to an employer for health and safety reasons and we recognise the need for this practice, particularly in the case of contagious diseases
Sure, if they have smallpox or something like that
I agree more Information is required before making a call, just remember line managers supervisors/employees can be personally held responsible for not taking actions when its comes to Health and safety ,from time to time they have to make sure the hold the correct end of the stick if they see something coming down the track they could be held responsible for if not correctly informed and take action so they are protected,Decent write-up on finding the right balance here. More information from the OP would be required to make a call here, but of course they may not want to share that level of detail in case they are identified.
I agree more Information is required before making a call, just remember line managers supervisors/employees can be personally held responsible for not taking actions when its comes to Health and safety ,from time to time they have to make sure the hold the correct end of the stick if they see something coming down the track they could be held responsible for if not correctly informed and take action so they are protected,
Sharing it with a 'consultant company' for clarifications seems to me to be a pretty clear GDPR breach.
Again, we don't know what information was shared with the consultants or what their relationship was. Some companies have retainers for HR / legal advice for situations like this where they don't have the expertise in-house. Asking another company what the appropriate response to an employee's medical situation does not constitute a GDPR if it was appropriately redacted.
No issue about privacy of data - that’s the law. However - if the condition affects work ability then the manager / hr has a right to know that a condition exists. I am aware of many staff who have ‘hidden’ conditions and this led to issues with their ability to work effectively - including significant mental health issues that could have easily been supported by the employer - manager if they were aware of same for the mutual benefit of all. I am also aware of people with hiv/ hep infections that do not affect their ability to work - so manager / employer has no Right to know, except to facilitate regular medical check ups , etc.
there has be a policy as they are processing the employees personal data. It doesn't matter if it is redacted or not. The employer still has to show they had a legitimate reason for processing the medical information and that the employee clearly gave specific and clear consent for it to be processed.
If the employee's identity has been redacted from the information shared, GDPR no longer applies. The company is entitled to process and share such information as they see fit.
Medical information is classified as sensitive personal data.
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?